From 6c9f8fa4d3345875704b89650a93520646f66455 Mon Sep 17 00:00:00 2001
From: pietrodematteis <146813010+pietrodematteis@users.noreply.github.com>
Date: Tue, 11 Feb 2025 15:34:33 +0100
Subject: [PATCH] Create dependency-check-sbom.yml
---
 .github/workflows/dependency-check-sbom.yml | 37 +++++++++++++++++++++
 1 file changed, 37 insertions(+)
 create mode 100644 .github/workflows/dependency-check-sbom.yml
diff --git a/.github/workflows/dependency-check-sbom.yml b/.github/workflows/dependency-check-sbom.yml
new file mode 100644
index 0000000..1018ab0
--- /dev/null
+++ b/.github/workflows/dependency-check-sbom.yml
@@ -0,0 +1,37 @@
+name: Source Image SBOM - Dependency Check
+
+on:
+ workflow_dispatch:
+ inputs:
+ src_repository:
+ description: 'Source Repository'
+ required: true
+ default: ''
+
+jobs:
+ depchecktest:
+ runs-on: ubuntu-latest
+ name: depecheck_test
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+ with:
+ repository: ${{ inputs.src_repository }}
+ - name: Build project with Maven
+ run: mvn clean install
+ - name: Depcheck
+ uses: dependency-check/Dependency-Check_Action@main
+ id: Depcheck
+ with:
+ project: 'test'
+ path: '.'
+ format: 'HTML'
+ out: 'reports' # this is the default, no need to specify unless you wish to override it
+ args: >
+ --failOnCVSS 7
+ --enableRetired
+ - name: Upload Test results
+ uses: actions/upload-artifact@master
+ with:
+ name: Depcheck report
+ path: ${{github.workspace}}/reports
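Review bot: The `Depcheck` and `Upload Test results` steps use `dependency-check/Dependency-Check_Action@main` and `actions/upload-artifact@master`, which are mutable branch refs, so whatever lands on those branches runs in this job; both should be pinned to a reviewed full commit SHA. The job also checks out whichever repository the `src_repository` input names and runs `mvn clean install` on it, so that repository's build plugins execute on the runner. The workflow has no `permissions:` block, which leaves the token scope to the repository default, and checkout keeps its token in the git config unless `persist-credentials: false` is set. Separately, `--failOnCVSS 7` fails the Depcheck step when findings reach that score, which by default skips the upload step exactly when the report is needed, so the upload needs `if: always()`. The indentation in the sketch below is conventional, since the page has lost the original.

```yaml
# … unchanged: name, on.workflow_dispatch inputs …
permissions:
  contents: read

# … unchanged: jobs.depchecktest header, runs-on, name …
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          repository: ${{ inputs.src_repository }}
          persist-credentials: false
      # … unchanged: Maven build step …
      - name: Depcheck
        uses: dependency-check/Dependency-Check_Action@<FULL_COMMIT_SHA>  # placeholder: pin to a reviewed commit
        # … unchanged: id, with …
      - name: Upload Test results
        if: always()
        uses: actions/upload-artifact@<FULL_COMMIT_SHA>  # placeholder: pin to a reviewed release commit
        # … unchanged: with …
```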